Add post-quantum support

2025-11-06 16:21:54 +01:00
parent 2e40d02605
commit d9df32f7cf
5 changed files with 19 additions and 13 deletions
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.24-alpine AS builder

 WORKDIR /app

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,10 @@
 services:
  ssh-server:
-    image: dcorral3/go-ssh-server-command:latest
+    build: .
    ports:
      - "22:22"
    cap_add:
      - SYS_CHROOT
    environment:
      - COMMAND=/app/tui
-    restart: unless-stopped
+    restart: unless-stopped
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
 module sshserver

-go 1.21
+go 1.24.0

 require (
 	github.com/creack/pty/v2 v2.0.1
-	golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f
+	golang.org/x/crypto v0.43.0
 )

-require golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
+require golang.org/x/sys v0.37.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@
 github.com/creack/pty/v2 v2.0.1 h1:RDY1VY5b+7m2mfPsugucOYPIxMp+xal5ZheSyVzUA+k=
 github.com/creack/pty/v2 v2.0.1/go.mod h1:2dSssKp3b86qYEMwA/FPwc3ff+kYpDdQI8osU8J7gxQ=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
--- a/main.go
+++ b/main.go
@@ -18,6 +18,9 @@ func main() {
 		log.Fatal("COMMAND environment variable must be set")
 	}
 	config := &ssh.ServerConfig{
+		Config: ssh.Config{
+			KeyExchanges: []string{"mlkem768x25519-sha256", "curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512"},
+		},
 		NoClientAuth: true,
 	}
 	_, key, err := ed25519.GenerateKey(rand.Reader)
@@ -51,6 +54,9 @@ func handleConn(conn net.Conn, config *ssh.ServerConfig) {
 		conn.Close()
 		return
 	}
+	if acm, ok := sshConn.Conn.(ssh.AlgorithmsConnMetadata); ok {
+		log.Println("Negotiated KEX:", acm.Algorithms().KeyExchange)
+	}
 	log.Println("New connection from", sshConn.RemoteAddr(), "user", sshConn.User())
 	go ssh.DiscardRequests(reqs)
 	for newChannel := range chans {
@@ -142,4 +148,4 @@ func runCommand(channel ssh.Channel, command string) {
 	go io.Copy(channel, stdout)
 	go io.Copy(channel, stderr)
 	cmd.Wait()
-}
+}